Vulnerabilities in SNMPv3

Lawrence, Nigel Rhea

10 July 2012

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.

Vulnerability

Man-in-the-middle

MITM

Exploit

Weakness

Authoritative

Non-authoritative

USM

TSM

Rfc1443

1443

Auth

Authentication

NMS

Manager

Management

Embedded

Computer networks Monitoring

Computer networks Management

Connection management applications for high-speed audio networking

Sibanda, Phathisile

12 March 2008

Traditionally, connection management applications (referred to as patchbays) for high-speed audio networking, are predominantly developed using third-generation languages such as C, C# and C++. Due to the rapid increase in distributed audio/video network usage in the world today, connection management applications that control signal routing over these networks have also evolved in complexity to accommodate more functionality. As the result, high-speed audio networking application developers require a tool that will enable them to develop complex connection management applications easily and within the shortest possible time. In addition, this tool should provide them with the reliability and flexibility required to develop applications controlling signal routing in networks carrying real-time data. High-speed audio networks are used for various purposes that include audio/video production and broadcasting. This investigation evaluates the possibility of using Adobe Flash Professional 8, using ActionScript 2.0, for developing connection management applications. Three patchbays, namely the Broadcast patchbay, the Project studio patchbay, and the Hospitality/Convention Centre patchbay were developed and tested for connection management in three sound installation networks, namely the Broadcast network, the Project studio network, and the Hospitality/Convention Centre network. Findings indicate that complex connection management applications can effectively be implemented using the Adobe Flash IDE and ActionScript 2.0.

Flash (Computer file)

Computer networks

Computer networks -- Management

Digital communications

Computer sound processing

Broadcast data systems

C# (Computer program language)

C++ (Computer program language)

ActionScript (Computer program language)

The role of cloud computing in addressing small, medium enterprise challenges in South Africa

Kumalo, Nkosi Hugh

08 1900

This thesis was motivated by Roberts (2010) who found that 63% of SMEs in South Africa do not make it past second year of operation. To expand further on this problem, we reviewed literature to understand key business challenges experienced by SMEs in South Africa which contribute to this high failure rate. The challenges include red tape, labour legislation, lack of skills, lack of innovation, impact of crime, and lack of funds. The research project aimed to answer a key question: “How can information technology, in the form of Cloud Computing be used to address the challenges faced by small and medium businesses in South Africa?” To answer this question, data was collected from 265 SME companies and quantitatively analysed. It is important to note that the profile of SMEs targeted in this study are those that employed fewer than 200 employees, with a turnover of not less than 26 million rand per annum, and registered with South African Revenue Services (SARS) and also with the Companies and Intellectual Property Commission (CIPC) of South Africa. Over 60% of the firms that responded to the survey were in business for more than 10 years which means we are mainly dealing with data from businesses that have past the survivalist stage and are matured businesses. These are businesses that can share their experiences and challenges they faced throughout their journey. The profile of SMEs in this study should not be confused with that of Very Small Medium Enterprise Businesses. The questionnaire was designed to address four themes being the Demographic profile, SME Business Environment, Threat of Survival, and lastly Technology Adoption. Key finding in this research is that 60% of the panellists stated that red tape is the overriding challenge that small businesses contend with. 67% of the panellists confirmed that they have not invested in their businesses in the past year; and 53% stated that they have not applied for finance from the bank for fear of being rejected. Only 30% of the SME market were found to use enterprise resource planning (ERP) and 62% do not have their own IT department. Of great concern is that 65% of the panellists have experienced server down time at least once in the past year. Inability to predict the rising IT costs in a firm has been cited as the main concern when running IT on premise. The cost predictability finding was also discovered to be a benefit enjoyed by the SMEs who use Cloud Computing. The conclusion is that there is a relationship between Cloud Computing, Small and Medium Enterprise businesses and the challenges they face in their business environment. To address the identified business challenges, technology adoption studies by Gumbi & Mnkandla (2015), Carcary, Doherty & Conway (2014), Lacovou et al (1995), Mohlomeane & Ruxwana (2014), Kshetri (2010), BMI Research (2018), Conway & Curry (2012), Li, Zhao & Yu (2015), Wernefeldt (1985), Schindehuitte & Morris (2001), Tornatzy & Flesher (1991) were reviewed. From these publications, the Technology, Organisational and Environmental (TOE) was found to be relevant and of interest for use in answering the main research question. This study developed the Cloud Adoption Framework which is the anchor of all SME challenges. Key study contribution is that the TOE model, which is predominantly used to understand the determinants of technology adoption like various industry applications, infrastructure innovations etc., are now used to address specific challenges that have contributed in the high failure rate of SME business. This is the first-time TOE model has been used to align with key SME challenges that contribute to firms’ failure. Specific technology across Software, Infrastructure and Platform services models are recommended for use by SMEs to ensure challenges are mitigated and improve the chances of survival for SMEs operating in South Africa. By following the recommended Cloud Adoption Framework, SMEs should be able to navigate the complexities brought about by the tough operating environment and also the technologies available to address those challenges. All six challenges have solutions in Cloud Computing and SMEs are educated on these solutions and also how to access these on a pay as you use model of consumption. / Business Management / D.B.L.

SME

Small and mdeium enterprise

Cloud adoption

Cloud computing

Cloud

Enterprise business challenges

South Africa

Information technology

IT

004.6782068

Cloud computing -- South Africa

Management information systems

E-trust: a building block for developing valuable online platforms in Higher Education

Van Wyk, Byron Jay

January 2013

Thesis submitted in fulfilment of the requirements for the degree Master of Technology Design in the Faculty of Informatics and Design at the Cape Peninsula University of Technology Supervisor: Prof J Messeter Cape Town, 2013 / The aim of this research project was to provide an answer to the question: “How can an understanding of online trust be used to build valuable online applications in Higher Education?” In order to present an answer to this question, a literature survey was conducted to establish: • An understanding of the phenomenon of online trust • What the factors are that influence a loss of trust in the online environment The literature survey highlighted several factors that influence a loss of trust in the online environment, called trust cues. These factors, however, were often tested within the E-commerce environment, and not in organization-specific contexts, such as online platforms in use in Higher Education. In order to determine whether or not these factors would influence the development of trust in context-specific environments, the author of this research grouped the indentified trust factors into three focus areas, i.e. content, ease of use, and navigation. These factors were then incorporated into a series of nine different prototypes. These prototypes were different versions of a particular online platform currently in use at the Cape Peninsula University of Technology (CPUT). The prototypes were tested over a three week period, with certain staff members at the institution in question recruited as test participants. During each week of user observations, a different focus area was targeted, in order to establish the impact that it would have on the perceived trustworthiness of the platform in question. User observations were conducted while test participants completed a standard process using the various prototypes. Semi-structured interviews were also conducted while participants completed the specific process. Participants were asked to evaluate each screen in the process according to its perceived trust worthiness, by assigning a trust level score. At the completion of the three rounds of user observations, in-depth interviews were conducted with test participants. The participants’ trust level scores for each prototype were captured and graphed. A detailed description for the score given for a particular screen was presented on each graph. These scores were combined to provide an analysis of the focus area tested during the specific round. After the three rounds of user observations were completed, an analysis of all the trust factors tested were done. Data captured during interviews were transcribed, combined with feedback received from questionnaires, and analysed. An interpretation of the results showed that not all trust factors had a similar influence in the development of trust in the online platform under investigation. Trust cues such as content organization, clear instructions and useful content were by far the most significant trust factors, while others such as good visual design elements, professional images of products, and freedom from grammatical and typographical errors had little or no impact in the overall trustworthiness of the platform under investigation. From the analysis done it was clear that the development of trust in organization-specific contexts is significantly different than developing trust in an E-commerce environment and that factors that influence the development of trust in one context might not always be significant in another. In conclusion, it is recommended that when software applications are developed in organization-specific contexts, such as Higher Education, that trust factors such as good content organization, clear instructions and useful content be considered as the most salient. Organization-specific contexts differ quite significantly in that the users of these systems often convey a certain degree of trust toward the online platforms that they work with on a daily basis. Trust factors that are geared toward developing an initial or basic trust in a particular platform, which is often the case with first time users engaging in an E-commerce platform, would therefore not be as significant in the development of a more developed level of trust, which is what is needed within the development of organization-specific online platforms.

Internet in education.

Online trust

Dissertations, Academic.

MTech

Theses, dissertations, etc.